Heads-Up: GoDaddy Broke the Interwebs...

Christopher Morrow morrowc.lists at gmail.com
Wed Sep 12 03:43:31 UTC 2012


On Tue, Sep 11, 2012 at 11:16 PM, Naveen Nathan <naveen at lastninja.net> wrote:
>> Well, mostly I'm taking GoDaddy at their word that this was not a DoS attack.
>>
>> I also believe it was related to BGP, and am happy to get more info.  But we are discussing Anonymous vs. Self-inflicted wound here.
>
> I'm skeptical, BGPlay (http://bgplay.routeviews.org/) doesn't show any withdrawn routes for any of their prefixes over Sep 9-11. Infact, their BGP operation looks fairly operational during the time from what I can gather.

a bgp error doesn't HAVE to mean that they withdrew (or even
re-announced!) anything to the outside world, does it?

for instance:
  border-router -> internet
   redistribute your aggregate networks from statics to Null0 on the
border-router
   accept full routes so you can send them to the other borders and
make good decisions at the external edge

  border-router -> internal
    send default or some version of default via a fitler to internal
datacenter routers/aggregation/distribution devices.
    accept from them (maybe) local subnets that are part of your aggregates

now, accidently remove the filter content for the sessions between the
border and internal ... oops, your internal devices bounce with
'corrupted tables' (blown tables)... you still send your aggs steadily
to the interwebs, wee!

-chris



More information about the NANOG mailing list